kubernetes
  • b

    billowy-army-68599

    05/18/2022, 7:50 AM
    Hey folks! If you're at KubeCon EU this morning, drop by our booth and say hello!
  • d

    dry-teacher-74595

    05/18/2022, 6:08 PM
    is there a way to change the URN created by resources in a helm chart? like give it a prefix or something?
  • d

    dry-teacher-74595

    05/18/2022, 10:39 PM
    adding to the ^question, the only problem i have with resources is the CRD the helm charts creates, helm v3 supports `skip-crds` flag, is there a way to pass this to the pulumi helm object?
  • p

    powerful-planet-88446

    05/20/2022, 1:58 AM
    Is it possible to organise stacks in a subfolder?
  • p

    powerful-planet-88446

    05/20/2022, 1:58 AM
    I have an infrastructure project for several Kubernetes clusters and I'm concerned about there being so many Pulumi stack config files at the top level
  • p

    powerful-planet-88446

    05/20/2022, 1:58 AM
    Because I have a stack-per-cluster
  • a

    adorable-computer-41765

    05/20/2022, 2:56 PM
    @powerful-planet-88446 absolutely, check out: https://www.pulumi.com/docs/guides/organizing-projects-stacks/. If you are worried about access control as well to those projects and stacks you should check out the following features in the pulumi service: https://www.pulumi.com/docs/intro/pulumi-service/teams/ & https://www.pulumi.com/docs/intro/pulumi-service/projects-and-stacks/#stack-permissions
  • r

    red-leather-22955

    05/20/2022, 6:41 PM
    Hi, We are just getting started using Pulumi in our organisation. We are using Python as we are a Python shop for our main applications. We have got Pulumi creating an eks cluster using pulumi-eks, now we are trying to get it to actually deploy something to the cluster. We are following https://www.pulumi.com/registry/packages/kubernetes/how-to-guides/eks/ modifying the code as that is in JavaScript/TypeScript, however I'm having problems when specifying the cluster. The example has:
    {
        provider: cluster.provider,
    }
    as the third parameter (opts), I tried converting this to Python as:
    opts=pulumi.ResourceOptions(provider=cluster.provider),
    However my IDE complains about it being the wrong type (Output[Provider] instead of ProviderResource) and when running `pulumi up`, I get:
    ValueError: Attempted to register resource kubernetes:apps/v1:Deployment with a provider for '<pulumi.output.Output object at 0x7f695f68c5d0>'
        error: an unhandled error occurred: Program exited with non-zero exit code: 1
    Any idea of what I am doing wrong or how I can fix this?
  • w

    white-chef-55657

    05/21/2022, 6:26 AM
    hi folks, I’m looking to test a pulumi k8s setup as part of CI before actually deploying to production. Has anyone tried out https://github.com/helm/kind-action or https://github.com/marketplace/actions/setup-minikube ?
  • w

    white-chef-55657

    05/22/2022, 7:27 AM
    https://docs.datadoghq.com/agent/kubernetes/control_plane/?tab=helm#EKS datadog recommends adding annotations to default/kubernetes service so API server metrics are collected with pulumi, I can’t seem to find a way to GetService, but even so I remember that all of the attributes are read only and I can’t seem to find a way to specify this customization in the `eks.Cluster` resource. Ideas?
  • f

    fast-florist-41572

    05/23/2022, 3:11 PM
    I am trying to replicate what the `pulumi-eks` package does in golang but I appear to get an error. I'm trying to update the configmap for `aws-auth`. In the nodejs/eks version it does this
    const eksNodeAccess = new k8s.core.v1.ConfigMap(`${name}-nodeAccess`, {
        apiVersion: "v1",
        metadata: {
            name: `aws-auth`,
            namespace: "kube-system",
        },
        data: nodeAccessData,
    }, { parent, provider: k8sProvider });
    Which appears to work by actually altering the configmap. However in golang when I try do the same I get an error
    _, err = corev1.NewConfigMap(ctx, "aws-auth", &corev1.ConfigMapArgs{
        Metadata: &metav1.ObjectMetaArgs{
            Name:      pulumi.String("aws-auth"),
            Namespace: pulumi.String("kube-system"),
        },
        Data: pulumi.StringMap{
            "mapRoles": roleConfig,
        },
    }, pulumi.Provider(kubeProvider))
    The error is
    resource kube-system/aws-auth was not successfully created by the Kubernetes API server : configmaps "aws-auth" already exists
  • f

    fast-florist-41572

    05/23/2022, 3:12 PM
    How does the node version manage to do it whilst the go version can't?
  • f

    flat-laptop-90489

    05/23/2022, 8:23 PM
    I'm trying to build out an EKS project in go, and I'm having some issues with credentials and providers. Wondering if anyone has tried this particular scenario yet. We have a Hashicorp Vault AWS credential backend already configured for this account. SO - I have pulumi grabbing some AWS credentials from Vault, building an AWS provider, and then using that for all of my AWS resources. This works well for most things (VPC created already, etc.) But, when I use pulumi-eks to build an EKS cluster with this provider, it fails to validate that the cluster is running. From the error messages, it appears that the pulumi operator (which is running this code), is trying to use its own credentials to access the cluster afterwards. SO, I think there's some issue with the Kubernetes provider that gets generated not using the AWS provider credentials that I used to create the cluster. At this point, I have no clue how to get around this, other than to not use the pulumi-eks library, and instead build out the cluster and node groups, etc. myself using the "standard" aws library. This would allow me to control the K8s provider that gets generated and the aws-auth configmap myself (I think). Am I missing something, or is that the correct path forward here? Also, let me know if I should post this in AWS or Go instead.
  • c

    curved-morning-41391

    05/24/2022, 7:33 PM
    Anyone have good patterns around getting AWS credentials into a K8s cluster?
  • c

    curved-morning-41391

    05/24/2022, 7:34 PM
    I could obviously set them as secrets in the configfile, but was wondering if there was a way to grab them out of my local credentials file?
  • f

    flat-laptop-90489

    05/24/2022, 7:49 PM
    Is it for the aws account that your cluster is in? You could use IRSA or kube2iam to assume roles instead
  • f

    flat-laptop-90489

    05/25/2022, 6:15 PM
    More fun with pulumi-eks and the pulumi-kubernetes-operator -
    Unable to connect to the server: getting credentials: exec plugin is configured to use API version client.authentication.k8s.io/v1beta1, plugin returned version client.authentication.k8s.io/v1alpha1
    I was able to fix this error locally by updating to a newer version of the awscli. I can't seem to find where this is defined for the pulumi containers. Any thoughts on a workaround, and/or should I file an issue somewhere for this?
  • b

    breezy-bear-50708

    05/26/2022, 9:01 AM
    Hi all, I'm trying to use the v3.Chart resource. However I'm running into an issue that I can't seem to replicate `--set-file`, used for a template that replaces a value with the file's contents. If I 1) use a json object as the value, it blows up with `wrong type for value; expected string; got []interface {}`. If I try to pass a yaml string literal, pulumi helpfully escapes all the newlines so that doesn't work either. So wondering if anyone knows of a way to duplicate whatever helm template --set-file does.
  • b

    busy-island-31180

    05/26/2022, 9:12 PM
    Does anyone know why “health” checking is implicitly part of the “create” lifecycle for k8s objects? If health fails, it thinks that create fails, and the object doesn’t get stored in state. Subsequent runs fail with “already exists” error from kubernetes. I filed an issue: https://github.com/pulumi/pulumi-kubernetes/issues/1994 I think this is a fairly high priority / common use case.
  • a

    acceptable-mechanic-48231

    05/29/2022, 6:09 PM
    Hey there! Posting my questions here because I think they are most relevant here, but if I should move this to another channel that's better suited, then let me know. I am building a component resource provider, in Go, for easily deploying my company’s platform, which is a cloud environment, such as a VPC and EKS cluster, with a suite of open-source tools that gets deployed to Kubernetes. I’ve run into a dilemma and I’m not sure how to proceed. I’m trying to make use of the Kubernetes provider’s “CustomResource” resource in order to configure an ArgoCD application custom resource. I’ve hit a snag with that "CustomResource" resource type because one of its arguments doesn't implement Pulumi types, specifically the `OtherFields` field, ref. Because of that, I can’t pass it a Pulumi type for a value. This is an issue for me because my custom resource needs to support resource dependencies for a `dependsOn` to work, but as far as I know Pulumi’s provider type checking requires that fields implement Pulumi types if a resource is to have dependencies. Implementing plain types when my provider’s resource has a `dependsOn` results in an error like the following:
    error: program failed: waiting for RPCs: rpc error: code = Unknown desc = setting args: copying input "spec": application.ArgocdAppArgs.Spec is typed as map[string]interface {} but must be a type that implements pulumi.Input or pulumi.Output for input with dependencies
    Which seems to originate from here: https://github.com/pulumi/pulumi/blob/master/sdk/go/pulumi/provider.go#L564. Which seems odd that this is even a problem, because my dependency is simply a `dependsOn`, not an actual field dependency. So with all of that backstory laid out, my main questions are: How do I pass a pulumi type to a resource that implements a plain type? If that’s not possible, is it possible to get around the pulumi provider type checking that is requiring all fields to implement pulumi types when there are dependencies?
  • c

    curved-morning-41391

    05/31/2022, 8:38 PM
    Hey is it possible to deploy a local cluster using minikube/kind/k3s using pulumi?
  • l

    little-vegetable-79574

    06/01/2022, 6:30 PM
    Pulumi keeps overwriting `.kube/config` on `pulumi up`. How do you make it not touch the file?
  • f

    famous-salesclerk-74711

    06/01/2022, 9:08 PM
    👋 quick q for yall - we’re using the helm.v3 construct, but the chart we’re consuming wraps an entire resource template with:
    if (.Capabilities.APIVersions.Has <some-api-resource-version>)
    which always fails, bc apparently this check returns false. is there a known way for pulumi-k8s operators to work around this, specifically around hydrating `.Capabilities`? https://github.com/pulumi/pulumi-kubernetes/issues/196
  • e

    echoing-angle-67526

    06/01/2022, 10:00 PM
    Hello, I've disabled the default k8s provider, and now I'm getting the following error when running the code below:
    let secrets: pulumi.Output<output.core.v1.ObjectReference[]> = k8s.core.v1.ServiceAccount.get("ksa-".concat(ksa.name),resourceId).secrets;
    error: Error: failed to read resource #thx/shared-db-password 'ksa-shared-db-password' [kubernetes:core/v1:ServiceAccount]: 2 UNKNOWN: Default provider for 'kubernetes:core/v1:ServiceAccount' disabled. 'kubernetes:core/v1:ServiceAccount' must use an explicit provider.
    looking at the `k8s.core.v1.ServiceAccount.get` api it doesn't allow you to set the k8s provider. I believe this is the same issue as https://github.com/pulumi/pulumi-kubernetes/issues/1945 ?
  • n

    nice-lizard-13594

    06/02/2022, 10:49 AM
    Hey Pulumi friends, did anyone face warnings about `client-side throttling`? If yes - How did you get rid of them? I keep getting spammed with messages like this during provisioning of my cluster(s):
    Diagnostics:
      pulumi:pulumi:Stack (development-localhost):
        I0602 12:31:12.623746   98885 request.go:665] Waited for 1.044442038s due to client-side throttling, not priority and fairness, request: GET:https://127.0.0.1:6443/api/v1/namespaces/harbor
        I0602 12:31:23.024342   98885 request.go:665] Waited for 1.019069815s due to client-side throttling, not priority and fairness, request: GET:https://127.0.0.1:6443/api/v1/namespaces/minio
      [..]
    I found several reports to delete and/or `chown` the `~/.kube/cache` directory. This did not help for me. Any ideas?
  • w

    white-chef-55657

    06/02/2022, 1:46 PM
    how do you guys maintain docker image versions in deployments and helm charts? let’s say I use Operator to deploy a stack, I want something to open PRs on git to keep my image versions current like an SCA like renovate or snyk but for my pulumi code
  • p

    powerful-planet-88446

    06/03/2022, 7:02 AM
    Hi all, I'm wondering if something already exists for splitting up Pulumi components for Kubernetes into different repositories and enabling/importing them on demand?
  • p

    powerful-planet-88446

    06/03/2022, 7:03 AM
    For example, if you wanted to enable a Cilium CNI component on a cluster but not Istio
  • p

    powerful-planet-88446

    06/03/2022, 7:04 AM
    I'm about to start writing a framework that does pretty much exactly this but it seems like somewhat of a common need so I'm interested if anyone has come up with something like it
  • w

    wet-noon-14291

    06/04/2022, 10:04 PM
    A team have got into some kind of mess that I try to help out resolving. Everything started with this error:
    resource complete event returned an error: failed to verify snapshot... refers to unknown provider
    I checked the stack with a stack export, and the provider urn on the kubernetes resources seemed to use another id than what was specified on the actual kubernetes provider. So I modified those resources to have the right id (not sure if that is the right thing to do). That gave me another issue:
    error: resource xxx was not successfully created by the Kubernetes API server : services "xxx" already exists
    So then I thought I can just import those resources to my stack, so I added the import property to all the resources I had this issue. That didn't work either, I'm now back at:
    error: Preview failed: unknown provider
    So it complains on the provider missing. Looking at the stack and it seems like the provider id has changed, but not on all the resources. Do I just update the stack so everything aligns and hope for the best?
Making sure the ids/urn aligned once more fixed the deploy.